auth: CryptoKey, use dynamic usage keys for sts too

Implement non-zero usage constants for sts too.

14 sts token

Signed-off-by: Marcus Watts <mwatts@redhat.com>

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 1432b3d7795a91ea430ba9e258a4554c3be41469..61c3d56a39e7e39e7bb6979a98eaf0519eadab3d 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -7178,7 +7178,7 @@ rgw::auth::s3::STSEngine::get_session_token(const DoutPrefixProvider* dpp, const
   buffer::list en_input, dec_output;
   en_input = buffer::list::static_from_string(decodedSessionToken);
 
-  ret = keyhandler->decrypt(cct, en_input, dec_output, &error);
+  ret = keyhandler->decrypt_ext(cct, 14, en_input, dec_output, &error);
   if (ret < 0) {
     ldpp_dout(dpp, 0) << "ERROR: Decryption failed: " << error << dendl;
     return -EPERM;

diff --git a/src/rgw/rgw_sts.cc b/src/rgw/rgw_sts.cc
index a4621f3368a9f6d0a626ea88842545b00e7dbd44..ed75bdb1e016fa06395d92040df274982d16b2c4 100644 (file)
--- a/src/rgw/rgw_sts.cc
+++ b/src/rgw/rgw_sts.cc
@@ -146,7 +146,7 @@ int Credentials::generateCredentials(const DoutPrefixProvider *dpp,
   buffer::list input, enc_output;
   encode(token, input);
 
-  if (ret = keyhandler->encrypt(cct, input, enc_output, &error); ret < 0) {
+  if (ret = keyhandler->encrypt_ext(cct, 14, input, enc_output, &error); ret < 0) {
     ldpp_dout(dpp, 0) << "ERROR: Encrypting session token returned an error !" << dendl;
     return ret;
   }